Escolar Documentos
Profissional Documentos
Cultura Documentos
or alternatively:
# firewall-cmd --state
running
1. Configure selinux.
Configure your systems that should be running in Enforcing.
2.Configure repository.
Create a Repository for your virtual machines. The URI is
http://content.example.com/rhel7.0/x86_64/dvd
[root@server3 Desktop]# cd /etc/yum.repos.d/
[root@server3 yum.repos.d]# vim newfile.repo
[root@server3 yum.repos.d]# cat newfile.repo
[client1]
name = "This repo is for rhce exam purpose"
baseurl =
http://sdtation.network0.example.com/content/rhel7.0/x86_64/dvd
gpgcheck = 0
enabled = 1
[root@server3 yum.repos.d]#
[root@server3 yum.repos.d]# yum clean all
.SSH configuration.
- Configure SSH access on your virtual hosts as follows.
- Clients within my22ilt.org (172.24.X.0/24, X is the foundation
machine no.) should NOT have access to ssh on your systems
success
# here i considered my22ilt.org domain network address as
172.25.10.0/24. In exam they will give you a network address of
all domains required to exam in the begining itself..
vim /etc/hosts.deny
sshd:172.25.2.0/24 or shhd:my133t.org
:wq
=================================================================
====================================================
5.
* Simple Command.
- Create a command called qstat on both systems.
- It should able to execute the following command
(ps -eo
pid,tid,class,rtprio,ni,pri,psr,pcpu,stat,wchan:14,comm)
- The command shoud be executable by all users.
=================================================================
=================================================================
============
6.
* Configure ipv6 network.
- Configure eth0 with a static ipv6 addresses as
follows.
- Configure a Static IPv6 address in Server as
fddb:fe2a:ab1e::c0a8:64/64.
- Configure a Static IPv6 address in Desktop as
fddb:fe2a:ab1e::c0a8:02/64.
- Ping the local IPv6 gateway
fddb:fe2a:ab1e::c0a8:fe.
=================================================================
=================================================================
==============
7. revisit
* Link aggregation
- Configure your Server and Desktop which watches for
link changes and selects an
active port for data transfers.
- Server should use the address as
192.168.0.11/255.255.255.0.
- Desktop should use the address as
192.168.0.10/255.255.255.0.
[root@server3 bin]# nmcli connection add con-name team0 type team
ifname team0 config '{"runner": {"name": "activebackup"}}' ip4
192.168.0.10/24
Connection 'team0' (069b918b-c491-4ed7-abbe-02e1e78cb615)
successfully added.
[root@server3 bin]#
ifconfig -a
-----------------------------------------------------------------
--------------------
8. Revisit
* SMTP Configuration.
- Configure the SMTP mail service on Server and
Desktop which only relay mail from local system through
classroom.example.com, all outgoing mail have
their sender domain as example.com.
Ensure that mail should not store locally.
# SOFT BOUNCE
#
# The soft_bounce parameter provides a limited safety net for
# testing. When soft_bounce is enabled, mail will remain queued
that
# would otherwise bounce. This parameter disables locally-
generated
# bounces, and prevents the SMTP server from rejecting mail
permanently
# (by changing 5xx replies into 4xx replies). However,
soft_bounce
# is no cure for address rewriting mistakes or mail routing
mistakes.
#
#soft_bounce = no
# SENDING MAIL
#
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append
$myhostname,
# which is fine for small sites. If you run a domain with
multiple
# machines, you should (1) change this to $mydomain and (2) set
up
# a domain-wide alias database that aliases each user to
# user@that.users.mailhost.
#
# For the sake of consistency between sender and recipient
addresses,
# myorigin also specifies the default domain name that is
appended
# to recipient addresses that have no @domain part.
#
#myorigin = $myhostname
#myorigin = $mydomain
# RECEIVING MAIL
# INTERNET OR INTRANET
# ADDRESS REWRITING
#
# The ADDRESS_REWRITING_README document gives information about
# address masquerading or other forms of address rewriting
including
# username->Firstname.Lastname mapping.
# TRANSPORT MAP
#
# See the discussion in the ADDRESS_REWRITING_README document.
# ALIAS DATABASE
#
# The alias_maps parameter specifies the list of alias databases
used
# by the local delivery agent. The default list is system
dependent.
#
# On systems with NIS, the default is to search the local alias
# database, then the NIS alias database. See aliases(5) for
syntax
# details.
#
# If you change the alias database, run "postalias /etc/aliases"
(or
# wherever your system stores the mail alias file), or simply run
# "newaliases" to build the necessary DBM or DB file.
#
# It will take a minute or so before changes become visible. Use
# "postfix reload" to eliminate the delay.
#
#alias_maps = dbm:/etc/aliases
alias_maps = hash:/etc/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases
# DELIVERY TO MAILBOX
#
# The home_mailbox parameter specifies the optional pathname of a
# mailbox file relative to a user's home directory. The default
# mailbox file is /var/spool/mail/user or /var/mail/user.
Specify
# "Maildir/" for qmail-style delivery (the / is required).
#
#home_mailbox = Mailbox
#home_mailbox = Maildir/
#local_destination_concurrency_limit = 2
#default_destination_concurrency_limit = 20
# DEBUGGING CONTROL
#
# The debug_peer_level parameter specifies the increment in
verbose
# logging level when an SMTP client or server host name or
address
# matches a pattern in the debug_peer_list parameter.
#
debug_peer_level = 2
# If you can't use X, use this to capture the call stack when a
# daemon crashes. The result is in a file in the configuration
# directory, and is named after the process name and the process
ID.
#
# debugger_command =
# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
# echo where) | gdb $daemon_directory/$process_name
$process_id 2>&1
# >$config_directory/$process_name.$process_id.log & sleep 5
#
# Another possibility is to run gdb under a detached screen
session.
# To attach to the screen sesssion, su root and run "screen -r
# <id_string>" where <id_string> uniquely matches one of the
detached
# sessions (from "screen -list").
#
# debugger_command =
# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
# -dmS $process_name gdb $daemon_directory/$process_name
# $process_id & sleep 1
[root@server3 Desktop]#
=================================================================
=================================================================
============
9.
* NFS server.
- Configure Server with the following requirements.
- Share the /common directory with the example.com
(172.25.X.0/24, X is the foundation machine no.) domain clients
only, share must be writable.
http://classroom.example.com/pub/keytabs/serverX.keytab
The exported directory should have read/write
access from example.com (172.25.X.0/24, X is the foundation
machine no.) domain.
Ensure the directory /restricted/protected should
be owned by the user arora with read/write permission.
Dependencies Resolved
=================================================================
============
Package Arch Version
Repository Size
=================================================================
============
Installing:
authconfig-gtk x86_64 6.2.8-8.el7 rhel_dvd
105 k
krb5-workstation x86_64 1.11.3-49.el7 rhel_dvd
724 k
sssd x86_64 1.11.2-65.el7 rhel_dvd
65 k
Installing for dependencies:
c-ares x86_64 1.10.0-3.el7 rhel_dvd
78 k
cyrus-sasl-gssapi x86_64 2.1.26-17.el7 rhel_dvd
40 k
libbasicobjects x86_64 0.1.0-22.el7 rhel_dvd
24 k
libcollection x86_64 0.6.2-22.el7 rhel_dvd
39 k
libdhash x86_64 0.4.3-22.el7 rhel_dvd
27 k
libini_config x86_64 1.0.0.1-22.el7 rhel_dvd
49 k
libipa_hbac x86_64 1.11.2-65.el7 rhel_dvd
71 k
libpath_utils x86_64 0.2.1-22.el7 rhel_dvd
27 k
libref_array x86_64 0.1.3-22.el7 rhel_dvd
25 k
libsss_idmap x86_64 1.11.2-65.el7 rhel_dvd
76 k
python-sssdconfig noarch 1.11.2-65.el7 rhel_dvd
96 k
sssd-ad x86_64 1.11.2-65.el7 rhel_dvd
167 k
sssd-common x86_64 1.11.2-65.el7 rhel_dvd
1.2 M
sssd-common-pac x86_64 1.11.2-65.el7 rhel_dvd
120 k
sssd-ipa x86_64 1.11.2-65.el7 rhel_dvd
271 k
sssd-krb5 x86_64 1.11.2-65.el7 rhel_dvd
108 k
sssd-krb5-common x86_64 1.11.2-65.el7 rhel_dvd
201 k
sssd-ldap x86_64 1.11.2-65.el7 rhel_dvd
202 k
sssd-proxy x86_64 1.11.2-65.el7 rhel_dvd
115 k
Transaction Summary
=================================================================
============
Install 3 Packages (+19 Dependent packages)
Total download size: 3.8 M
Installed size: 9.3 M
Downloading packages:
(1/22): authconfig-gtk-6.2.8-8.el7.x86_64.rpm | 105 kB
00:00
(2/22): c-ares-1.10.0-3.el7.x86_64.rpm | 78 kB
00:00
(3/22): cyrus-sasl-gssapi-2.1.26-17.el7.x86_64.rpm | 40 kB
00:00
(4/22): libbasicobjects-0.1.0-22.el7.x86_64.rpm | 24 kB
00:00
(5/22): libcollection-0.6.2-22.el7.x86_64.rpm | 39 kB
00:00
(6/22): krb5-workstation-1.11.3-49.el7.x86_64.rpm | 724 kB
00:00
(7/22): libdhash-0.4.3-22.el7.x86_64.rpm | 27 kB
00:00
(8/22): libini_config-1.0.0.1-22.el7.x86_64.rpm | 49 kB
00:00
(9/22): libpath_utils-0.2.1-22.el7.x86_64.rpm | 27 kB
00:00
(10/22): libref_array-0.1.3-22.el7.x86_64.rpm | 25 kB
00:00
(11/22): libsss_idmap-1.11.2-65.el7.x86_64.rpm | 76 kB
00:00
(12/22): python-sssdconfig-1.11.2-65.el7.noarch.rpm | 96 kB
00:00
(13/22): sssd-1.11.2-65.el7.x86_64.rpm | 65 kB
00:00
(14/22): sssd-ad-1.11.2-65.el7.x86_64.rpm | 167 kB
00:00
(15/22): sssd-common-1.11.2-65.el7.x86_64.rpm | 1.2 MB
00:00
(16/22): sssd-common-pac-1.11.2-65.el7.x86_64.rpm | 120 kB
00:00
(17/22): sssd-ipa-1.11.2-65.el7.x86_64.rpm | 271 kB
00:00
(18/22): libipa_hbac-1.11.2-65.el7.x86_64.rpm | 71 kB
00:00
(19/22): sssd-krb5-1.11.2-65.el7.x86_64.rpm | 108 kB
00:00
(20/22): sssd-krb5-common-1.11.2-65.el7.x86_64.rpm | 201 kB
00:00
(21/22): sssd-proxy-1.11.2-65.el7.x86_64.rpm | 115 kB
00:00
(22/22): sssd-ldap-1.11.2-65.el7.x86_64.rpm | 202 kB
00:00
-----------------------------------------------------------------
------------
Total 2.6 MB/s | 3.8 MB
00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : libdhash-0.4.3-22.el7.x86_64
1/22
Installing : libsss_idmap-1.11.2-65.el7.x86_64
2/22
Installing : libcollection-0.6.2-22.el7.x86_64
3/22
Installing : libpath_utils-0.2.1-22.el7.x86_64
4/22
Installing : libipa_hbac-1.11.2-65.el7.x86_64
5/22
Installing : libbasicobjects-0.1.0-22.el7.x86_64
6/22
Installing : libref_array-0.1.3-22.el7.x86_64
7/22
Installing : libini_config-1.0.0.1-22.el7.x86_64
8/22
Installing : c-ares-1.10.0-3.el7.x86_64
9/22
Installing : sssd-common-1.11.2-65.el7.x86_64
10/22
Installing : sssd-common-pac-1.11.2-65.el7.x86_64
11/22
Installing : sssd-proxy-1.11.2-65.el7.x86_64
12/22
Installing : cyrus-sasl-gssapi-2.1.26-17.el7.x86_64
13/22
Installing : sssd-krb5-common-1.11.2-65.el7.x86_64
14/22
Installing : sssd-ipa-1.11.2-65.el7.x86_64
15/22
Installing : sssd-krb5-1.11.2-65.el7.x86_64
16/22
Installing : sssd-ldap-1.11.2-65.el7.x86_64
17/22
Installing : sssd-ad-1.11.2-65.el7.x86_64
18/22
Installing : python-sssdconfig-1.11.2-65.el7.noarch
19/22
Installing : sssd-1.11.2-65.el7.x86_64
20/22
Installing : authconfig-gtk-6.2.8-8.el7.x86_64
21/22
Installing : krb5-workstation-1.11.3-49.el7.x86_64
22/22
Verifying : libcollection-0.6.2-22.el7.x86_64
1/22
Verifying : krb5-workstation-1.11.3-49.el7.x86_64
2/22
Verifying : python-sssdconfig-1.11.2-65.el7.noarch
3/22
Verifying : sssd-ipa-1.11.2-65.el7.x86_64
4/22
Verifying : cyrus-sasl-gssapi-2.1.26-17.el7.x86_64
5/22
Verifying : libsss_idmap-1.11.2-65.el7.x86_64
6/22
Verifying : sssd-proxy-1.11.2-65.el7.x86_64
7/22
Verifying : sssd-common-1.11.2-65.el7.x86_64
8/22
Verifying : sssd-krb5-common-1.11.2-65.el7.x86_64
9/22
Verifying : authconfig-gtk-6.2.8-8.el7.x86_64
10/22
Verifying : sssd-krb5-1.11.2-65.el7.x86_64
11/22
Verifying : c-ares-1.10.0-3.el7.x86_64
12/22
Verifying : libini_config-1.0.0.1-22.el7.x86_64
13/22
Verifying : libref_array-0.1.3-22.el7.x86_64
14/22
Verifying : libdhash-0.4.3-22.el7.x86_64
15/22
Verifying : sssd-ldap-1.11.2-65.el7.x86_64
16/22
Verifying : sssd-ad-1.11.2-65.el7.x86_64
17/22
Verifying : libbasicobjects-0.1.0-22.el7.x86_64
18/22
Verifying : sssd-common-pac-1.11.2-65.el7.x86_64
19/22
Verifying : libipa_hbac-1.11.2-65.el7.x86_64
20/22
Verifying : sssd-1.11.2-65.el7.x86_64
21/22
Verifying : libpath_utils-0.2.1-22.el7.x86_64
22/22
Installed:
authconfig-gtk.x86_64 0:6.2.8-8.el7
krb5-workstation.x86_64 0:1.11.3-49.el7
sssd.x86_64 0:1.11.2-65.el7
Dependency Installed:
c-ares.x86_64 0:1.10.0-3.el7
cyrus-sasl-gssapi.x86_64 0:2.1.26-17.el7
libbasicobjects.x86_64 0:0.1.0-22.el7
libcollection.x86_64 0:0.6.2-22.el7
libdhash.x86_64 0:0.4.3-22.el7
libini_config.x86_64 0:1.0.0.1-22.el7
libipa_hbac.x86_64 0:1.11.2-65.el7
libpath_utils.x86_64 0:0.2.1-22.el7
libref_array.x86_64 0:0.1.3-22.el7
libsss_idmap.x86_64 0:1.11.2-65.el7
python-sssdconfig.noarch 0:1.11.2-65.el7
sssd-ad.x86_64 0:1.11.2-65.el7
sssd-common.x86_64 0:1.11.2-65.el7
sssd-common-pac.x86_64 0:1.11.2-65.el7
sssd-ipa.x86_64 0:1.11.2-65.el7
sssd-krb5.x86_64 0:1.11.2-65.el7
sssd-krb5-common.x86_64 0:1.11.2-65.el7
sssd-ldap.x86_64 0:1.11.2-65.el7
sssd-proxy.x86_64 0:1.11.2-65.el7
Complete!
[root@server3 Desktop]# authconfig-gtk
Full path required for exclude: net:[4026532297].
Full path required for exclude: net:[4026532297].
[root@server3 Desktop]# systemctl status sssd.service
sssd.service - System Security Services Daemon
Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled)
Active: active (running) since Mon 2015-06-08 05:45:42 IST; 8s
ago
Process: 4195 ExecStart=/usr/sbin/sssd -D -f (code=exited,
status=0/SUCCESS)
Main PID: 4196 (sssd)
CGroup: /system.slice/sssd.service
??4196 /usr/sbin/sssd -D -f
??4197 /usr/libexec/sssd/sssd_be --domain default
--debug-to-fi...
??4198 /usr/libexec/sssd/sssd_nss --debug-to-files
??4199 /usr/libexec/sssd/sssd_pam --debug-to-files
??4200 /usr/libexec/sssd/sssd_autofs --debug-to-files
This verifies that the host can authenticate and shows that
Kerberos authentication configuration is correct.
kinit -k or kinit username
[root@server3 Desktop]# getent passwd ldapuser3
ldapuser3:*:1703:1703:LDAP Test User
3:/home/guests/ldapuser3:/bin/bash
[root@server3 Desktop]#
[root@server3 Desktop]# i am assuming user arora as ldapuser3
because it should be a network user and i dont have a network
user by the name arora
bash: i: command not found...
[root@server3 Desktop]#
Dependencies Resolved
=================================================================
============
Package Arch Version
Repository Size
=================================================================
============
Installing:
authconfig-gtk x86_64 6.2.8-8.el7 rhel_dvd
105 k
krb5-workstation x86_64 1.11.3-49.el7 rhel_dvd
724 k
sssd x86_64 1.11.2-65.el7 rhel_dvd
65 k
Installing for dependencies:
c-ares x86_64 1.10.0-3.el7 rhel_dvd
78 k
cyrus-sasl-gssapi x86_64 2.1.26-17.el7 rhel_dvd
40 k
libbasicobjects x86_64 0.1.0-22.el7 rhel_dvd
24 k
libcollection x86_64 0.6.2-22.el7 rhel_dvd
39 k
libdhash x86_64 0.4.3-22.el7 rhel_dvd
27 k
libini_config x86_64 1.0.0.1-22.el7 rhel_dvd
49 k
libipa_hbac x86_64 1.11.2-65.el7 rhel_dvd
71 k
libpath_utils x86_64 0.2.1-22.el7 rhel_dvd
27 k
libref_array x86_64 0.1.3-22.el7 rhel_dvd
25 k
libsss_idmap x86_64 1.11.2-65.el7 rhel_dvd
76 k
python-sssdconfig noarch 1.11.2-65.el7 rhel_dvd
96 k
sssd-ad x86_64 1.11.2-65.el7 rhel_dvd
167 k
sssd-common x86_64 1.11.2-65.el7 rhel_dvd
1.2 M
sssd-common-pac x86_64 1.11.2-65.el7 rhel_dvd
120 k
sssd-ipa x86_64 1.11.2-65.el7 rhel_dvd
271 k
sssd-krb5 x86_64 1.11.2-65.el7 rhel_dvd
108 k
sssd-krb5-common x86_64 1.11.2-65.el7 rhel_dvd
201 k
sssd-ldap x86_64 1.11.2-65.el7 rhel_dvd
202 k
sssd-proxy x86_64 1.11.2-65.el7 rhel_dvd
115 k
Transaction Summary
=================================================================
============
Install 3 Packages (+19 Dependent packages)
Dependency Installed:
c-ares.x86_64 0:1.10.0-3.el7
cyrus-sasl-gssapi.x86_64 0:2.1.26-17.el7
libbasicobjects.x86_64 0:0.1.0-22.el7
libcollection.x86_64 0:0.6.2-22.el7
libdhash.x86_64 0:0.4.3-22.el7
libini_config.x86_64 0:1.0.0.1-22.el7
libipa_hbac.x86_64 0:1.11.2-65.el7
libpath_utils.x86_64 0:0.2.1-22.el7
libref_array.x86_64 0:0.1.3-22.el7
libsss_idmap.x86_64 0:1.11.2-65.el7
python-sssdconfig.noarch 0:1.11.2-65.el7
sssd-ad.x86_64 0:1.11.2-65.el7
sssd-common.x86_64 0:1.11.2-65.el7
sssd-common-pac.x86_64 0:1.11.2-65.el7
sssd-ipa.x86_64 0:1.11.2-65.el7
sssd-krb5.x86_64 0:1.11.2-65.el7
sssd-krb5-common.x86_64 0:1.11.2-65.el7
sssd-ldap.x86_64 0:1.11.2-65.el7
sssd-proxy.x86_64 0:1.11.2-65.el7
Complete!
[root@desktop3 ~]#
[root@desktop3 ~]# systemctl enable nfs-secure.service
ln -s '/usr/lib/systemd/system/nfs-secure.service'
'/etc/systemd/system/nfs.target.wants/nfs-secure.service'
[root@desktop3 ~]#
[root@desktop3 ~]#
#
# /etc/fstab
# Created by anaconda on Wed May 7 01:22:57 2014
#
# Accessible filesystems, by reference, are maintained under
'/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for
more info
#
UUID=9bf6b9f7-92ad-441b-848e-0257cbb883d1 /
xfs defaults 1 1
server3:/common /public nfs defaults 0 0
server3:/restricted/protected /secure nfs defaults,sec=krb5p 0 0
[root@desktop3 ~]# mkdir
[root@desktop3 ~]# mkdir -p /secure
[root@desktop3 ~]# mount -a
[root@desktop3 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/vda1 10G 3.1G 7.0G 31% /
devtmpfs 906M 0 906M 0% /dev
tmpfs 921M 80K 921M 1% /dev/shm
tmpfs 921M 17M 904M 2% /run
tmpfs 921M 0 921M 0%
/sys/fs/cgroup
server3:/common 10G 3.1G 7.0G 31% /public
server3:/restricted/protected 10G 3.1G 7.0G 31% /secure
[root@desktop3 ~]#
=================================================================
=================================================================
=======================
11.
[root@server3 Desktop]#
[root@server3 Desktop]# yum install samba samba-client samba-
winbind -y
Loaded plugins: langpacks
Package samba-4.1.1-31.el7.x86_64 already installed and latest
version
Package samba-client-4.1.1-31.el7.x86_64 already installed and
latest version
Resolving Dependencies
--> Running transaction check
---> Package samba-winbind.x86_64 0:4.1.1-31.el7 will be
installed
--> Processing Dependency: samba-winbind-modules = 4.1.1-31.el7
for package: samba-winbind-4.1.1-31.el7.x86_64
--> Running transaction check
---> Package samba-winbind-modules.x86_64 0:4.1.1-31.el7 will be
installed
--> Processing Dependency: libiniparser.so.0()(64bit) for
package: samba-winbind-modules-4.1.1-31.el7.x86_64
--> Running transaction check
---> Package iniparser.x86_64 0:3.1-5.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=================================================================
============
Package Arch Version
Repository Size
=================================================================
============
Installing:
samba-winbind x86_64 4.1.1-31.el7
rhel_dvd 449 k
Installing for dependencies:
iniparser x86_64 3.1-5.el7
rhel_dvd 14 k
samba-winbind-modules x86_64 4.1.1-31.el7
rhel_dvd 95 k
Transaction Summary
=================================================================
============
Install 1 Package (+2 Dependent packages)
Installed:
samba-winbind.x86_64 0:4.1.1-31.el7
Dependency Installed:
iniparser.x86_64 0:3.1-5.el7 samba-winbind-modules.x86_64
0:4.1.1-31.el7
Complete!
[root@server3 Desktop]# yum install samba-common -y
Loaded plugins: langpacks
Package samba-common-4.1.1-31.el7.x86_64 already installed and
latest version
Nothing to do
[root@server3 Desktop]# systemctl enable smb.service nmb.service
ln -s '/usr/lib/systemd/system/smb.service'
'/etc/systemd/system/multi-user.target.wants/smb.service'
ln -s '/usr/lib/systemd/system/nmb.service'
'/etc/systemd/system/multi-user.target.wants/nmb.service'
[root@server3 Desktop]#
[root@server3 Desktop]# systemctl start smb.service nmb.service
[root@server3 Desktop]# firewall-cmd --permanent --add-
service=samba
success
[root@server3 Desktop]# firewall-cmd --reload
success
[root@server3 Desktop]# vim /etc/samba/smb.conf
[root@server3 Desktop]# mkdir /common
mkdir: cannot create directory ‘/common’: File exists
[root@server3 Desktop]# chcon -t samba_share_t /common/
[root@server3 Desktop]# useradd susan
[root@server3 Desktop]# smbpasswd -a susan
New SMB password:
Retype new SMB password:
Added user susan.
[root@server3 Desktop]# smbpasswd -a susan
New SMB password:
Retype new SMB password:
[root@server3 Desktop]#
[global]
workgroup = MYGROUP
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
idmap config * : backend = tdb
cups options = raw
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
print ok = Yes
browseable = No
[common]
comment = "This is test share"
path = /common
valid users = susan
hosts allow = 172.25.3.0/24
[root@server3 Desktop]# systemctl restart smb.service nmb.service
[root@server3 Desktop]#
[root@server3 Desktop]# ssh desktop3
root@desktop3's password:
Last login: Mon Jun 8 06:06:04 2015 from server3.example.com
=================================================================
=================================================================
=====================
12.
* smb mount.
- On Desktop mount the samba share /cloudshare
permanently beneath /mnt/smbspace as a multiuser mount.
- the samba share should be mounted with the
credentials of frankenstein.
Dependencies Resolved
=================================================================
============
Package Arch Version
Repository Size
=================================================================
============
Installing:
samba x86_64 4.1.1-31.el7
rhel_dvd 527 k
samba-client x86_64 4.1.1-31.el7
rhel_dvd 513 k
samba-winbind x86_64 4.1.1-31.el7
rhel_dvd 449 k
Installing for dependencies:
iniparser x86_64 3.1-5.el7
rhel_dvd 14 k
samba-winbind-modules x86_64 4.1.1-31.el7
rhel_dvd 95 k
Transaction Summary
=================================================================
============
Install 3 Packages (+2 Dependent packages)
Installed:
samba.x86_64 0:4.1.1-31.el7 samba-client.x86_64
0:4.1.1-31.el7
samba-winbind.x86_64 0:4.1.1-31.el7
Dependency Installed:
iniparser.x86_64 0:3.1-5.el7 samba-winbind-modules.x86_64
0:4.1.1-31.el7
Complete!
[root@desktop3 ~]#
[root@desktop3 ~]# systemctl enable samba.service nmb.service
ln -s '/usr/lib/systemd/system/smb.service'
'/etc/systemd/system/multi-user.target.wants/smb.service'
ln -s '/usr/lib/systemd/system/nmb.service'
'/etc/systemd/system/multi-user.target.wants/nmb.service'
[root@desktop3 ~]# systemctl start smb.service nmb.service
[root@desktop3 ~]# firewall-cmd --permanent --add-service=samba
success
[root@desktop3 ~]# firewall-cmd --reload
success
[root@desktop3 ~]# mkdir /cloudshare
[root@desktop3 ~]# chmod 777 /cloudshare
[root@desktop3 ~]# chcon -t samba_share_t /cloudshare
[root@desktop3 ~]# vim /etc/samba/smb.conf
[root@desktop3 ~]# vim /etc/samba/smb.conf
[root@desktop3 ~]# vim /etc/samba/smb.conf
[root@desktop3 ~]# useradd martin
[root@desktop3 ~]# useradd frankenstein
[root@desktop3 ~]# smbpasswd -a frankenstein
New SMB password:
Retype new SMB password:
Added user frankenstein.
[root@desktop3 ~]# smbpasswd -a martin
New SMB password:
Retype new SMB password:
Added user martin.
[root@desktop3 ~]# systemctl restart smb.service nmb.service
[root@desktop3 ~]#
[root@desktop3 ~]# ssh desktop3
The authenticity of host 'desktop3 (172.25.3.10)' can't be
established.
ECDSA key fingerprint is
eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? ^C
[root@desktop3 ~]# ssh server3
The authenticity of host 'server3 (172.25.3.11)' can't be
established.
ECDSA key fingerprint is
eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server3,172.25.3.11' (ECDSA) to the
list of known hosts.
root@server3's password:
Last login: Mon Jun 8 05:05:13 2015
[root@server3 ~]# yum install cifs-utils -y
Loaded plugins: langpacks
Resolving Dependencies
--> Running transaction check
---> Package cifs-utils.x86_64 0:6.2-6.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=================================================================
============
Package Arch Version Repository
Size
=================================================================
============
Installing:
cifs-utils x86_64 6.2-6.el7 rhel_dvd
83 k
Transaction Summary
=================================================================
============
Install 1 Package
Installed:
cifs-utils.x86_64 0:6.2-6.el7
Complete!
[root@server3 ~]# echo "//desktop3/OPENGROUP /mnt/smbspace cifs
defaults,multiuser,sec=ntlmssp,credentials=/root/pass 0 0"
>>/etc/fstab
[root@server3 ~]# vim /root/pass
[root@server3 ~]# mkdir -p /mnt/smbspace
[root@server3 ~]# mount -a
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
[root@server3 ~]#
[root@server3 ~]# vim /etc/fstab
[root@server3 ~]# smbclient -L //desktop3
Enter root's password:
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
DESKTOP3 Samba Server Version 4.1.1
SERVER3 Samba Server Version 4.1.1
Workgroup Master
--------- -------
MYGROUP SERVER3
[root@server3 ~]# cat /root/pass
username=frankenstein
password=SaniTago
[root@server3 ~]#
[root@server3 ~]# mount -a
[root@server3 ~]# logout
Connection to server3 closed.
[root@desktop3 ~]# cat /etc/samba/smb.conf
# This is the main Samba configuration file. For detailed
information about the
# options listed here, refer to the smb.conf(5) manual page.
Samba has a huge
# number of configurable options, most of which are not shown in
this example.
#
# The Official Samba 3.2.x HOWTO and Reference Guide contains
step-by-step
# guides for installing, configuring, and using Samba:
# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# The Samba-3 by Example guide has working examples for smb.conf.
This guide is
# generated daily: http://www.samba.org/samba/docs/Samba-
Guide.pdf
#
# In this file, lines starting with a semicolon (;) or a hash (#)
are
# comments and are ignored. This file uses hashes to denote
commentary and
# semicolons for parts of the file you may wish to configure.
#
# Note: Run the "testparm" command after modifying this file to
check for basic
# syntax errors.
#
#---------------
# Security-Enhanced Linux (SELinux) Notes:
#
# Turn the samba_domain_controller Boolean on to allow Samba to
use the useradd
# and groupadd family of binaries. Run the following command as
the root user to
# turn this Boolean on:
# setsebool -P samba_domain_controller on
#
# Turn the samba_enable_home_dirs Boolean on if you want to share
home
# directories via Samba. Run the following command as the root
user to turn this
# Boolean on:
# setsebool -P samba_enable_home_dirs on
#
# If you create a new directory, such as a new top-level
directory, label it
# with samba_share_t so that SELinux allows Samba to read and
write to it. Do
# not label system directories, such as /etc/ and /home/, with
samba_share_t, as
# such directories should already have an SELinux label.
#
# Run the "ls -ldZ /path/to/directory" command to view the
current SELinux
# label for a given directory.
#
# Set SELinux labels only on files and directories you have
created. Use the
# chcon command to temporarily change a label:
# chcon -t samba_share_t /path/to/directory
#
# Changes made via chcon are lost when the file system is
relabeled or commands
# such as restorecon are run.
#
# Use the samba_export_all_ro or samba_export_all_rw Boolean to
share system
# directories. To share such directories and only allow read-only
permissions:
# setsebool -P samba_export_all_ro on
# To share such directories and allow read and write permissions:
# setsebool -P samba_export_all_rw on
#
# To run scripts (preexec/root prexec/print command/...), copy
them to the
# /var/lib/samba/scripts/ directory so that SELinux will allow
smbd to run them.
# Note that if you move the scripts to /var/lib/samba/scripts/,
they retain
# their existing SELinux labels, which may be labels that SELinux
does not allow
# smbd to run. Copying the scripts will result in the correct
SELinux labels.
# Run the "restorecon -R -v /var/lib/samba/scripts" command as
the root user to
# apply the correct SELinux labels to these files.
#
#--------------
#
#======================= Global Settings
=====================================
[global]
security = user
passdb backend = tdbsam
; security = domain
; passdb backend = tdbsam
; realm = MY_REALM
[homes]
comment = Home Directories
browseable = no
writable = yes
; valid users = %S
; valid users = MYDOMAIN\%S
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
[root@desktop3 ~]#
[root@desktop3 ~]# ssh server3
root@server3's password:
Last login: Mon Jun 8 06:22:46 2015 from desktop3.example.com
[root@server3 ~]# cat /etc/samba/smb.conf
# This is the main Samba configuration file. For detailed
information about the
# options listed here, refer to the smb.conf(5) manual page.
Samba has a huge
# number of configurable options, most of which are not shown in
this example.
#
# The Official Samba 3.2.x HOWTO and Reference Guide contains
step-by-step
# guides for installing, configuring, and using Samba:
# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# The Samba-3 by Example guide has working examples for smb.conf.
This guide is
# generated daily: http://www.samba.org/samba/docs/Samba-
Guide.pdf
#
# In this file, lines starting with a semicolon (;) or a hash (#)
are
# comments and are ignored. This file uses hashes to denote
commentary and
# semicolons for parts of the file you may wish to configure.
#
# Note: Run the "testparm" command after modifying this file to
check for basic
# syntax errors.
#
#---------------
# Security-Enhanced Linux (SELinux) Notes:
#
# Turn the samba_domain_controller Boolean on to allow Samba to
use the useradd
# and groupadd family of binaries. Run the following command as
the root user to
# turn this Boolean on:
# setsebool -P samba_domain_controller on
#
# Turn the samba_enable_home_dirs Boolean on if you want to share
home
# directories via Samba. Run the following command as the root
user to turn this
# Boolean on:
# setsebool -P samba_enable_home_dirs on
#
# If you create a new directory, such as a new top-level
directory, label it
# with samba_share_t so that SELinux allows Samba to read and
write to it. Do
# not label system directories, such as /etc/ and /home/, with
samba_share_t, as
# such directories should already have an SELinux label.
#
# Run the "ls -ldZ /path/to/directory" command to view the
current SELinux
# label for a given directory.
#
# Set SELinux labels only on files and directories you have
created. Use the
# chcon command to temporarily change a label:
# chcon -t samba_share_t /path/to/directory
#
# Changes made via chcon are lost when the file system is
relabeled or commands
# such as restorecon are run.
#
# Use the samba_export_all_ro or samba_export_all_rw Boolean to
share system
# directories. To share such directories and only allow read-only
permissions:
# setsebool -P samba_export_all_ro on
# To share such directories and allow read and write permissions:
# setsebool -P samba_export_all_rw on
#
# To run scripts (preexec/root prexec/print command/...), copy
them to the
# /var/lib/samba/scripts/ directory so that SELinux will allow
smbd to run them.
# Note that if you move the scripts to /var/lib/samba/scripts/,
they retain
# their existing SELinux labels, which may be labels that SELinux
does not allow
# smbd to run. Copying the scripts will result in the correct
SELinux labels.
# Run the "restorecon -R -v /var/lib/samba/scripts" command as
the root user to
# apply the correct SELinux labels to these files.
#
#--------------
#
#======================= Global Settings
=====================================
[global]
security = user
passdb backend = tdbsam
; security = domain
; passdb backend = tdbsam
; realm = MY_REALM
; map archive = no
; map hidden = no
; map read only = no
; map system = no
; store dos attributes = yes
[homes]
comment = Home Directories
browseable = no
writable = yes
; valid users = %S
; valid users = MYDOMAIN\%S
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
[common]
path = /common
comment = "This is test share"
browseable = yes
writable = no
valid users = susan
hosts allow = 172.25.3.0/24
[root@server3 ~]#
[root@server3 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/vda1 10G 3.1G 7.0G 31% /
devtmpfs 906M 0 906M 0% /dev
tmpfs 921M 140K 921M 1% /dev/shm
tmpfs 921M 17M 904M 2% /run
tmpfs 921M 0 921M 0% /sys/fs/cgroup
tmpfs 921M 17M 904M 2% /run/netns
//desktop3/OPENGROUP 10G 3.1G 7.0G 31% /mnt/smbspace
[root@server3 ~]#
=================================================================
==============================
13.
[root@server3 ~]#
Dependencies Resolved
=================================================================
============
Package Arch Version
Repository Size
=================================================================
============
Installing:
targetcli noarch 2.1.fb34-1.el7
rhel_dvd 55 k
Installing for dependencies:
pyparsing noarch 1.5.6-9.el7
rhel_dvd 94 k
python-configshell noarch 1:1.1.fb11-3.el7
rhel_dvd 64 k
python-kmod x86_64 0.9-4.el7
rhel_dvd 57 k
python-rtslib noarch 2.1.fb46-1.el7
rhel_dvd 75 k
python-urwid x86_64 1.1.1-3.el7
rhel_dvd 654 k
Transaction Summary
=================================================================
============
Install 1 Package (+5 Dependent packages)
Installed:
targetcli.noarch 0:2.1.fb34-1.el7
Dependency Installed:
pyparsing.noarch 0:1.5.6-9.el7
python-configshell.noarch 1:1.1.fb11-3.el7
python-kmod.x86_64 0:0.9-4.el7
python-rtslib.noarch 0:2.1.fb46-1.el7
python-urwid.x86_64 0:1.1.1-3.el7
Complete!
[root@server3 Desktop]#
[root@server3 Desktop]# systemctl enable target.service
ln -s '/usr/lib/systemd/system/target.service'
'/etc/systemd/system/multi-user.target.wants/target.service'
[root@server3 Desktop]# systemctl start target.service
[root@server3 Desktop]#
[root@server3 Desktop]# targetcli
Warning: Could not load preferences file
/root/.targetcli/prefs.bin.
targetcli shell version 2.1.fb34
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.
/> ls
o- / ............................................................
...... [...]
o-
backstores ......................................................
. [...]
| o- block ........................................... [Storage
Objects: 0]
| o- fileio .......................................... [Storage
Objects: 0]
| o- pscsi ........................................... [Storage
Objects: 0]
| o- ramdisk ......................................... [Storage
Objects: 0]
o- iscsi .....................................................
[Targets: 0]
o- loopback ..................................................
[Targets: 0]
/> exit
Global pref auto_save_on_exit=true
Last 10 configs saved in /etc/target/backup.
Configuration saved to /etc/target/saveconfig.json
[root@server3 Desktop]#
/> cd /backstores/block
/backstores/block> create server3:disk1 /dev/vdb5
Created block storage object server3:disk1 using /dev/vdb5.
/backstores/block> cd ../../iscsi
/iscsi> create wwn=iqn.2015-06.com.example.server3
Created target iqn.2015-06.com.example.server3.
Created TPG 1.
/iscsi> cd iqn.2015-06.com.example.server3/tpg1/
iqn.2015-06.com.example.server3/tpg1/acls/
iqn.2015-06.com.example.server3/tpg1/luns/
iqn.2015-06.com.example.server3/tpg1/portals/
...........path
/iscsi> cd iqn.2015-06.com.example.server3/tpg1/
/iscsi> cd iqn.2015-06.com.example.server3/tpg1/acls
/iscsi/iqn.20...er3/tpg1/acls> create wwn=iqn.2015-
06.com.example.desktop3
Created Node ACL for iqn.2015-06.com.example.desktop3
/iscsi/iqn.20...er3/tpg1/acls> cd ../luns
/iscsi/iqn.20...er3/tpg1/luns> create
/backstores/block/server3:disk1
Created LUN 0.
Created LUN 0->0 mapping in node ACL iqn.2015-
06.com.example.desktop3
/iscsi/iqn.20...er3/tpg1/luns> cd ../portals
/iscsi/iqn.20.../tpg1/portals> create ip_address=172.25.3.11
ip_port=3260
Using default IP port 3260
Created network portal 172.25.3.11:3260.
/iscsi/iqn.20.../tpg1/portals> exit
Global pref auto_save_on_exit=true
Last 10 configs saved in /etc/target/backup.
Configuration saved to /etc/target/saveconfig.json
[root@server3 Desktop]# systemctl restart target.service
[root@server3 Desktop]# firewall-cmd --permanent --add-
port=3260/tcp
success
[root@server3 Desktop]# firewall-cmd --reload
success
[root@server3 Desktop]#
=================================================================
============================================
14.
[root@desktop3 ~]#
[root@desktop3 ~]# fdisk /dev/sda
Welcome to fdisk (util-linux 2.23.2).
[root@desktop3 ~]#
[root@desktop3 ~]# blkid /dev/sda1
/dev/sda1: UUID="1cedc67b-08af-486a-99f5-3d3ce105e1b7"
TYPE="ext4"
[root@desktop3 ~]# echo "UUID=1cedc67b-08af-486a-99f5-
3d3ce105e1b7 /mnt/initiator ext4 _netdev 0 0" >>/etc/fstab
[root@desktop3 ~]# mkdir /mnt/initiator
[root@desktop3 ~]# mount -a
[root@desktop3 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/vda1 10G 3.1G 7.0G 31% /
devtmpfs 906M 0 906M 0% /dev
tmpfs 921M 80K 921M 1% /dev/shm
tmpfs 921M 17M 904M 2% /run
tmpfs 921M 0 921M 0%
/sys/fs/cgroup
server3:/common 10G 3.1G 7.0G 31% /public
server3:/restricted/protected 10G 3.1G 7.0G 31% /secure
/dev/sda1 772M 1.6M 714M 1%
/mnt/initiator
[root@desktop3 ~]#
=================================================================
==================
15.
* Mariadb
- Configure mariadb on Server,
- On system1, mariadb has corrupted due to some
issues.
anyhow you have the logical backup file
http://classroom.example.com/pub/mariadb.mdb
- Install a new mariadb server and restore the
database from the above provided file.
- Create a database called student
- Restore the database from the dump file
- A new ticket has been assigned to you to create new
remote access accounts
with the following information.
User
Accepts connection from host
Password
Privileges
andrew
localhost
andrew_password
select on all tables from student database
legacy
anyhost
legacy_password
select,insert,update,delete on all tables from student database
michael
localhost
michael_password
select on all tables from student database
#mysql -u root
#create database student
#mysql -u root student <
http://classroom.example.com/pub/mariadb.mdb
#DESCRIBE SERVERS
#CREATE USER andrew@localhost identified by 'andrew_password ' ;
#CREATE USER legacy@'%' identified by 'legacy_password' ;
#CREATE USER michael@localhost identified by 'michael_password' ;
=================================================================
============
16.
* Mariadb Query.
- Enter the correct ID of X110 64GB product from the
table product
#use student
#DESCRIBE product
#INSERT INTO Product ( ) values ();
#INSERT INTO Product ( ) values ();
Ex
INSERT INTO manufacturer ( name,seller,phone_number )
values( 'HP','Joe Doe','+1 ( 432 ) 754 - 35 0 9') ;
Verify Delete
DELETE FROM Product WHERE name LIKE 'Memory' ;
=================================================================
=================================================================
===============
17.
* Script1
- create a script called /root/conditional with
following details.
- When run as /root/conditional postconf, should
bring the output as "postroll"
- When run as /root/conditional postroll, should
bring the output as "postconf"
- When run with any other argument or without
argument,
should bring the stderr as "/root/condition
postconf|postroll"
#vim /root/conditional
#!/bin/bash
case $@ in #Here
$@ means each argument is seen as a separate word, also we have
$# which represents the no of command line arguments passed to a
script.
postconf ) echo "Postroll";;
# also $? returns the exit status of the executed
command , upon completion , a commonds exit status is passed to
the parent process and stored in ? variable.
Postroll ) echo "postconf";;
*) echo "/root/conditional postconf | Postroll";;
esac
#vim /root/conditional
#!/bin/bash
if [ $1 == "postroll" ] then echo "postconf"
elif [ $1 == "postconf" ] then echo "postroll"
else echo "/root/condition postconf|postroll"
fi
=================================================================
=================================================================
==================
18.
* Script2
- Create a script called /root/makeusers
- When this script is called with the testfile
argument, it should add all the users from the file
- Download the file from
http://classroom.example.com/testfile
- All users should have the login shell as
/bin/false, password not required.
- When this script is called with anyother argument,
it should print the message as "Input File Not Found"
- When this script is run without any argument, it
should display "Usage: /root/makeusers"
- NOTE: If the users are added no need to delete.
#wget http://classroom.example.com/pub/testfile
#vim /root/makeusers
#!/bin/bash
a=""
case $@ in
testfile )
#!/bin/bash
if [ -f $1 ]
then
if [ -s $1 ]
then
user=`cat $1`
for i in $user
do
useradd $i
echo "The $i user has been created"
done
else
echo "$1 is empty file"
fi
else
echo "the $1 file is not exists"
fi
=================================================================
=================================================================
=====================
19.
* Webserver.
- Implement a webserver on Server for the site
http://serverX.example.com (172.25.X.0/24, X is the foundation
machine no.)
- Download the webpage from
http://classroom.example.com/rhce.html
- rename the downloaded file in to index.html.
- copy the file into the document root.
- Do not make any modification with the content of
the index.html.
wget http://station.network0.example.com/pub/rhce/rhce.html
mv rhce.html /var/www/html/index.html
cd /etc/httpd/conf.d/
vim server1.conf
<VirtualHost *:80>
ServerAdmin webmaster@server1.example.com
ServerName server1.example.com
DocumentRoot /var/www/html
CustomLog "logs/server1_access_log" combined
ErrorLog "logs/server1_error_log"
</VirtualHost>
<Directory "/var/www/html">
<RequireAll>
Require all granted
Require not host my22ilt.org
</RequireAll>
</Directory>
=================================================================
=================================================================
=====================
20.
* secured webserver
- configure the website https://serverX.example.com
with TLS
- SSLCertificate file
http://classroom.example.com/pub/tls/certs/serverX.crt
- SSLCertificatekeyfile
http://classroom.example.co/pub/tls/private/serverX.key
- SSL CA certificate file
http://classroom.example.com/pub/example-ca.crt
wget
http://classroom.example.com/pub/rhce/tls/certs/system1.network1.
crt
wget
http://classroom.example.com/pub/rhce/tls/private/system1.network
1.key
wget http://classroom.example.com/pub/example-ca.crt
mv system1.network1.crt /etc/pki/tls/certs/
mv system1.network1.key /etc/pki/tls/private/
mv example-ca.crt /etc/pki/tls/certs/
vim /etc/httpd/conf.d/server1.conf
<VirtualHost *:443>
ServerName server1.example.com
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
</VirtualHost>
=================================================================
=================================================================
=====================
21.
mkdir /var/www/html/owndir
restorecon –Rv /var/www/html
cd /var/www/html/owndir
wget http://station.network0.example.com/pub/rhce/restrict.html
mv restrict.html intex.html
vi /etc/httpd/conf.d/server1.conf
(Add this)
<Directory "/var/www/html/owndir">
AllowOverride None
Require all Denied
Require local
</Directory>
=================================================================
=================================================================
=====================
22.
* Virtual hosting.
- Setup a virtual host with an alternate document root
on Server. Extend your web to include a virtual for the site
http://wwwX.example.com
Set the document root as /srv/netX/vhosts
Download http://classroom.example.com/vhost.html
rename it as index.html
place this document root of the virtual host
- Note: The other websites configures for your server
must still be accessible.
wwwX.example.com is resolvable by the DNS
server in our lab.
cd /usr/local/vhosts
mkdir /usr/local/vhosts
cd /usr/local/vhosts
wget http://station.network0.example.com/pub/rhce/vhost.html
mv vhost.html index.html
vim /etc/httpd/conf.d/vhosts.conf
<VirtualHost *:80>
ServerAdmin webmaster@vhosts1.example.com
ServerName vhosts1.example.com
DocumentRoot /usr/local/vhosts
CustomLog "logs/vhosts_access_log" combined
ErrorLog "logs/vhosts_error_log"
</VirtualHost>
<Directory "/usr/local/vhosts">
AllowOverride None
# Allow open access:
Require all granted
</Directory>
=================================================================
=================================================================
=====================
23.
mkdir –p /srv/www/dynamic/
cd /srv/www/dynamic/
wget http://classroom.example.com/pub/webapp.wsgi
restorecon –Rv /srv/www/dynamic/
vim /etc/httpd/conf/httpd.conf
Listen 8961
vim /etc/httpd/conf.d/wsgi1.conf
<VirtualHost *:8961>
ServerAdmin webmaster@wsgi1.example.com
ServerName wsgi1.example.com
DocumentRoot /var/www/scripts # We don’t need it,only testing
WSGIScriptAlias / /var/www/scripts/webapp.wsgi
CustomLog "logs/wsgi_access_log" combined
ErrorLog "logs/wsgi_error_log"
</VirtualHost>
<Directory "/var/www/scripts">
AllowOverride None
# Allow open access:
Require all granted
</Directory>
=================================================================
=================================================================
=====================
===========================================END===================
=END=============================================================
==================